This article describes how to connect to a FortiEMS over an IPsec VPN tunnel.

This procedure assumes that the site-to-site IPsec VPN tunnel is already up and passing traffic.

1) Add the FortiClient EMS.
Go to Security Fabric -> Fabric Connectors and select 'Create New'.

2) Select FortiClientEMS.
Fill out the Name, the IP/Domain name and the HTTPS port.

3) Select 'OK'.
Even though the server is added, it is not reflected as connected in the status.

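4) Open the CLI and set the 'source-ip' for the FortiClient EMS entry:
# config endpoint-control fctems
    edit <name of your EMS>
        set source-ip X.X.X.X
    next
end
'source-ip' is the IP address of the FortiGate interface whose subnet is included in the IPsec tunnel's phase-2 local subnet settings, so that the FortiGate's own connection to the EMS is sourced from an address the tunnel carries.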

5) The Fabric Connector for the FortiClient EMS should now be green and up.
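
To pick the value for 'source-ip' in step 4, the sketch below (an added example, not Fortinet code) lists the interface IPs that fall inside the phase-2 local subnet of a tunnel whose remote subnet contains the EMS address. The config excerpt, interface names, tunnel name and addresses are constructed sample values, and only flat config/edit/set blocks with subnet-style selectors are handled.

```python
import ipaddress

# Constructed FortiOS config excerpt; names and addresses are sample values.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
    next
    edit "internal"
        set ip 10.1.0.1 255.255.255.0
    next
end
config vpn ipsec phase2-interface
    edit "to-hq-p2"
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end
"""

def parse_config(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    out, section, entry = {}, None, None
    for tok in (line.split() for line in text.splitlines()):
        if not tok:
            continue
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
            out.setdefault(section, {})
        elif tok[0] == "edit" and section:
            entry = out[section].setdefault(tok[1].strip('"'), {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = [t.strip('"') for t in tok[2:]]
    return out

def source_ip_candidates(text, ems_ip):
    """Interface IPs inside the phase-2 local subnet of a tunnel that reaches ems_ip."""
    cfg, ems, found = parse_config(text), ipaddress.ip_address(ems_ip), []
    for p2 in cfg.get("vpn ipsec phase2-interface", {}).values():
        if "src-subnet" not in p2 or "dst-subnet" not in p2:
            continue  # selectors defined by address objects are not handled here
        local, remote = (ipaddress.ip_network("/".join(p2[k]), strict=False)
                         for k in ("src-subnet", "dst-subnet"))
        if ems not in remote:
            continue  # this tunnel does not carry traffic to the EMS
        for name, itf in cfg.get("system interface", {}).items():
            if "ip" in itf and ipaddress.ip_address(itf["ip"][0]) in local:
                found.append((name, itf["ip"][0]))
    return found
```

An empty result means no interface address matches a phase-2 selector that reaches the EMS, which is the state in which the connector stays disconnected in step 3.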